GDPR – the most important changes in the European Union

We present practical information that illustrates the key changes that await us in the regulations on the protection of personal data in Europe.

GDPR definition – General Data Protection Regulation

Any person processing personal data must prepare for important changes. The provisions of the European regulation on the protection of personal data entered into force in 2016 and will become applicable from 25 May 2018. The new law arrives more than twenty years after the adoption of Directive 95/46/EC, the “mother” of the current legislation throughout the European Union. The new regulations introduce a lot of changes, based on the principle of accountability and the obligation to assess the risks associated with the processing of personal data.

The adjustment process will be long, so preparation should begin as soon as possible, so that the data protection system operating in the organization is able to comply with the requirements of GDPR on May 25, 2018. To help prepare for GDPR, it is worth becoming familiar with the provisions of the draft “new” Personal Data Protection Act of 12 September 2017, published by the Ministry of Digitization. The draft regulates, among other things, issues related to certification, the procedure before GDPR and control activities carried out by GDPR.

Who will be covered by GDPR

In fact, it covers all companies that collect and use data about individuals. These can be large corporations – for example, insurance companies or financial institutions – and small family businesses, such as an online store or a beauty salon.

From May of next year, the provisions on the protection of personal data are to be harmonized across all 28 Member States. The Polish law supplementing GDPR is to be created in the second half of 2017.

The intention of the EU officials was to modernize the data protection regulations that have been in place since 1995 and that, in an age of progressive digitization, are becoming less practical. At the same time, the new law was created to be “technologically neutral”, meaning that it remains current regardless of how technology develops.

Therefore, the EU regulation does not contain any specific guidance on how to secure personal data. Not only would such guidelines have to be different for each industry, they would also soon have to be re-adjusted to changing conditions.

For entrepreneurs, this means that the implementation of the new regulations will require a certain dose of creativity. Since the regulations do not explain point by point what to do, they are somewhat unclear. And since they are unclear, they have to be approached “sensitively” and in a very individual way. The methods of securing and processing personal data will be tailored by each entrepreneur to the nature of their business.

The protection of personal data will not be limited to a few clearly defined activities. Rather, it will mean designing the entire security system and setting procedures separately for every process that takes place within the company and involves the use of personal data.

– Every entrepreneur operates differently. Data are protected one way in the insurance sector, another way in the banking sector, and yet another way in online commerce. Therefore, there is no single template; instead, everyone will be given the responsibility to create one themselves.